'Users' ('user') permission
There are several levels of access available via user handling methods to guarantee user personal data security:
- Access permission restrictions:
- user_brief allows getting basic information about users, without their contact data and custom fields. This scope is sufficient for scenarios when you need to display user full name within an application UI.
- user_basic allows getting not only basic information, but also extra Bitrix24 user contact data. This scope is needed for scenarios, associated with calls, email message dispatch performed in your application.
- Full access versions:
Attention! This is a maximum level of access to personal information, extra caution is advised.
- user, allows getting all standard fields in addition to allowing to invite new users and updating existing user data.
- user.userfield opens access to methods for handling user fields (expands list of available fields in methods for reading, included in the abovementioned scopes) for getting, adding, modifying and deleting user fields.
Limited user scope versions
These scopes cannot be added/updated user: methods user.add and user.update are unavailable. Only the following fields are available for getting user data in the rest of methods (starting from version Rest 21.600.0):
User scope full version
Full version has the following available fields (starting from version Rest 21.600.0):
|user.fields||Retrieves list of user field names.|
|user.current||Retrieves current user information.|
|user.update||Updates user information.|
|user.get||Retrieves list of filtered users.|
|user.search||Retrieves list of users with expedited search by personal data.|